Angle Technical Case - Engineering Position

Context

On the 30th of July 2023, from 13:10 UTC, some Curve pools got hacked for a total amount of 70M$ (at the time).

The main reason is a reentrancy pattern due to a Vyper vulnerability on version 0.2.15, 0.2.16, and 0.3.0 that have been patched since.

Event timeline

Timing	Pool	Attacker	Target pool	Transaction
20230730 - 13:10 UTC	pETH/ETH for the NFT lending protocol JPEG’d	- Whitehat contract: 0x6Ec21d1868743a44318c3C259a6d4953F9978538 - Final Whitehat contract: 0x466B85B49EC0c5C1eB402d5EA3C4b88864Ea0f04 and 0x9420F8821aB4609Ad9FA514f8D2F5344C3c0A6Ab - BlackHat: 0x172f6FdEfEb079E435f22C918a919540F4721E60 - Blackhat contract: 0x6A1a7578e36cF0838C77F59d1f029873B8E0FF77	Proxy: 0x9848482da3Ee3076165ce6497eDA906E66bB85C5 - Logic: 0x6326DEbBAa15bCFE603d831e7D75f4fc10d9B43E	- Frontrunner tx: 0xa84aa065ce61dbb1eb50ab6ae67fc31a9da50dd2c74eefd561661bfce2f1620c - Hacker original that has been frontrunned: 0xb5d91f1e0afc96a52f8c6c28eae405eda7fcc5d34d6d03bdd8b16bd58089e939
20230730 14:50 UTC	msETH/ETH for the Metronome DAO	- Attacker whitehat: 0xC0ffeEBABE5D496B2DDE509f9fa189C25cF29671 - Attacker whitehat contract: 0x7c28E0977F72c5D08D5e1Ac7D52a34db378282B3	0xc897b98272AA23714464Ea2A0Bd5180f1B8C0025	0xc93eb238ff42632525e990119d3edc7775299a70b56e54d83ec4f53736400964
20230730 15:34 UTC	alETH/ETH for Alchemix DAO	- Attacker: 0xDCe5d6b41C32f578f875EfFfc0d422C57A75d7D8 - Attacker contract: 0x30FB95794a2051ABe30A67892B3A1FA73947aEE5	Proxy: 0x9848482da3Ee3076165ce6497eDA906E66bB85C5 - Logic: 0x6326DEbBAa15bCFE603d831e7D75f4fc10d9B43E	0xb676d789bb8b66a08105c844a49c2bcffb400e5c1cfabd4bc30cca4bff3c9801
20230730 19:08 UTC	CRV/ETH	Attacker: 0xb752DeF3a1fDEd45d6c4b9F4A8F18E645b41b324 - Attacker contract deployed: 0x83E056Ba00bEae4D8aA83dEb326a90A4E100d0c1		https://etherscan.io/tx/0x2e7dc8b2fb7e25fd00ed9565dcc0ad4546363171d5e00f196d48103983ae477c
20230730 22:00 UTC	CRV/ETH	Frontrun by coffeebabe.eth 0xC0ffeEBABE5D496B2DDE509f9fa189C25cF29671		https://etherscan.io/tx/0xcd99fadd7e28a42a063e07d9d86f67c88e10a7afe5921bd28cd1124924ae2052

Let’s breakdown one these hack:

For the first hack, attacker address have been ETH provided via Tornado.cash, example:

Untitled

Then, the (or they) attacker deployed malicious smart contract with this ETH.

<aside> 💡 First example in the time line event is attacker 0x172f6FdEfEb079E435f22C918a919540F4721E60, who deployed a smart contract 0x6A1a7578e36cF0838C77F59d1f029873B8E0FF77 that tried to hack the pETH/ETH curve pool call via this transaction 0xb5d91f1e0afc96a52f8c6c28eae405eda7fcc5d34d6d03bdd8b16bd58089e939.

</aside>

The transaction failed because front-runned as seen in the tab:

Untitled

Even if it’s a whitehack, let’s explain it. The other use case are similar.

Steps for the front-runner:

To explain this attack I’m using this explorer:

Phalcon Blockchain Transaction Explorer

Line0 - Frontrunner 0x6Ec21d1868743a44318c3C259a6d4953F9978538 deployed this contract 0x466B85B49EC0c5C1eB402d5EA3C4b88864Ea0f04 through a call to the target pool and call the start() function https://explorer.phalcon.xyz/tx/eth/0xa84aa065ce61dbb1eb50ab6ae67fc31a9da50dd2c74eefd561661bfce2f1620c?line=0